1. (Currently Amended) A method for facilitating secure data communications using a 
secret key for encrypting data flowing between first computing node comprising a 
processor and a memory and second entities computing node comprising a processor and 
a memory over a communications link, the method comprising: 

determining that the communications link has been is idle in response to detecting 
that a heartbeat flowed across the communications link; 

determining that there is data to flow over the previously idle communications link; 
and 

responsive to determining that there is data to flow over the previously idle 
communications link and determining that the communication link is idle, 
initiating generation of a new secret key, the new secret key for encrypting 
data sent between the first computing node and the second entities computing 
node over the communications link. 

2-38. (canceled). 

39. (Currently Amended) A method performed at a first entity computing node comprising a 
processor and a memory for facilitating secure data communications by using a secret key 
for encrypting data flowing between said first computing node and a second entity 
computing node comprising a processor and a memory over a communications link, the 
method comprising the steps of: 

determining that the communications link has been is idle in response to detecting 
that a heartbeat flowed across the communications link; 

determining whether that data is available for flow over the previously idle 
communications link; and 

in response to a determination that data is available and a determination that the 
communications link is idle, initiating generation of a new secret key for 
use in encoding at least part of the available data before it the available 
data flows onto the communications link. 

(Original) The method of claim 39 wherein the step of determining that the 
communications link has been idle includes the step of determining that the link has been 
idle for at least a predetermined period of time and the step of initiating generation of a 
new secret key is performed only if the communications link is found to have been idle 
for at least the predetermined period of time. 

(Original) The method of either claim 39 or claim 40 including the additional steps of: 

determining whether the amount of data sent over the communications link since the 
last generation of a secret key exceeds a predetermined amount threshold; and 
if the amount of data sent exceeds the predetermined amount threshold, initiating 
generation of a new secret key. 



(Currently Amended) The method of claim 40 including the additional steps of: 

sending a heartbeat message to the second entity computing node only if it is 
determined that the link has been idle has been idle for at least the 
predetermined period of time and that there is no data available for flow over 
the communications link; and 
monitoring the communications link for receipt of an acknowledgement from the 
second entity computing node. 

(Currently Amended) The method of claim 42 including the additional step terminating 
the communications link with the second entity computing node if no acknowledgement 
is received from the second entity computing node within a predetermined period of time. 

(Currently Amended) An apparatus for facilitating secure data communications by using a 
secret key to encrypt data flowing over a communications link between the apparatus and 
a remote system, said apparatus comprising: 

a data detector for determining whether the communications link has been is idle in 
response to detecting that a heartbeat flowed across the communications link, 
the data detector determining that and whether data is now available for flow 
to the remote system over the communications link; 
key generation logic responsive to determinations that the communications link has 
been idle and there is data now available for flow to the remote system to 
initiate generation of a new secret key for use in encoding at least part of the 
available data before it the available data flows onto the communications 
link. 



45. (Original) The apparatus of claim 45 further including a timer for determining whether 
the communications link has been idle for at least a predetermined period of time and 
wherein said key generation logic initiates generation of the new secret key only if the 
timer indicates that the communications link has been idle for at least the predetermined 
period of time. 

46. (Original) The apparatus of either claim 45 or claim 46 further including a byte measurer 
for determining whether the amount of data sent over the communications link has 
exceeded a predetermined amount threshold since the last generation of a secret key and 
wherein the key generation logic initiates generation of a new secret key if the 
determination is that the amount of data sent has exceeded the predetermined amount 
threshold. 

47. (Original) The apparatus of claim 46 further including a heartbeat issuer for sending a 
heartbeat to the remote system if the data detector determines that the communications 
link has been idle but there is no data available for flow to the remote system over the 
communications link. 

48. (Original) The apparatus of claim 47 further including a detector for monitoring the 
communications link for an acknowledgment of the heartbeat from the remote system. 

49. (Original) The apparatus of claim 48 further including a connection terminator for 
terminating the communications link if the detector fails to detect an acknowledgment of 
the heartbeat from the remote system within the predetermined period of time. 

50. (Currently Amended) A program product comprising a computer usable readable storage 
media embodying program instructions which, when executed in by a computer, results in 
the computer to facilitating secure data communications with a remote system by using a 
secret key for encrypting data flowing between the computer and the remote system over 
a communications link by: 

determining that the communications link has been is idle; 

sending a heartbeat message to the remote system only in response to determining 
that the link has been idle for at least a predetermined period of time and that 
there is no data available for flow over the communications link; 

monitoring the communications link for receipt of an acknowledgement from the 
remote system; 

receiving the acknowledgement from the remote system within a predetermined 
period of time; 

determining whether that data is available for flow over the previously idle 
communications link; and 

detecting that a heartbeat flowed across the communications link; and 

only in response to a determination that data is available for flow over the idle 
communications link and receiving the acknowledgement from the remote 
system within the predetermined period of time, initiating generation of a 
new secret key for use in encoding at least part of the available data before it 
the available data flows onto the communications link, such that generation 
of a new secret key exclusively occurs when data is available for flow over 
the idle communications link. 



51. (Original) The program product of claim 50 further including program instructions for 
determining whether the communications link has been idle for at least a predetermined 
period of time and for generating a new secret key only if the communications link is 
found to have been idle for at least the predetermined period of time. 

52. (Original) The program product of either claim 50 or claim 51 including additional 
program instructions for: 

determining whether the amount of data sent over the communications link since the 
last generation of a secret key exceeds a predetermined amount threshold; and 
initiating generation of a new secret key if the amount of data sent is determined to 
have exceeded the predetermined amount threshold. 



53. (Cancelled). 



54. (Currently Amended) The program product of claim 53 50 including an additional 
program instruction for terminating the communications link with the remote system if no 
acknowledgement is received from the remote system within a the predetermined period 
of time. 
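
The rekeying behaviour recited in the method claims (new key only when data arrives on a link that a heartbeat has shown to be idle, or when the byte threshold is exceeded; heartbeat only when idle with nothing to send; termination on a missing acknowledgement) can be sketched as a small state machine. This is an added illustration, not part of the filing: the class and field names, the timer values and the use of `secrets.token_bytes` in place of a real key agreement with the peer are all assumptions.

```python
import secrets
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class RekeyPolicy:
    # All three values are assumed; the claims only say "predetermined".
    idle_period: float = 30.0
    ack_timeout: float = 10.0
    byte_limit: int = 1 << 20
    key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    last_traffic: float = 0.0
    bytes_since_key: int = 0
    link_idle: bool = False               # set once a heartbeat has flowed
    heartbeat_at: Optional[float] = None  # unacknowledged heartbeat, if any

    def _rekey(self) -> None:
        # Stand-in for a real key agreement with the peer.
        self.key = secrets.token_bytes(32)
        self.bytes_since_key = 0
        self.link_idle = False

    def on_ack(self) -> None:
        self.heartbeat_at = None

    def poll(self, now: float, pending: int) -> List[str]:
        """pending = bytes queued for sending; returns the actions taken."""
        if self.heartbeat_at is not None and now - self.heartbeat_at >= self.ack_timeout:
            return ["terminate"]          # no acknowledgement in time
        if pending == 0:
            if self.heartbeat_at is None and now - self.last_traffic >= self.idle_period:
                self.heartbeat_at = self.last_traffic = now
                self.link_idle = True
                return ["heartbeat"]      # idle and nothing to send
            return []
        actions = []
        # Rekey lazily: only when data is about to use the link.
        if self.link_idle or self.bytes_since_key > self.byte_limit:
            self._rekey()
            actions.append("rekey")
        self.bytes_since_key += pending
        self.last_traffic = now
        return actions + ["send"]
```

Because the key is replaced only at the moment data is about to flow, an idle session exchanges heartbeats without ever generating keys that would go unused.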